我使用OkHttp作为Retrofit的客户端。我无法点击某个https网址。此服务器仅支持TLS 1.0和以下密码 的 TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_MD5
以下是我实例化OkHttpClient的方法:
OkHttpClient client = new OkHttpClient();
try {
// Create a trust manager that does not validate certificate chains
final TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
@Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
}};
// Install the all-trusting trust manager
final SSLContext sslContext = SSLContext.getInstance("TLSv1");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
// Create an ssl socket factory with our all-trusting manager
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
client.setSslSocketFactory(sslSocketFactory);
client.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
} catch (Exception e) {
throw new RuntimeException(e);
}
return client;
}
我的应用程序不断抛出此异常:
javax.net.ssl.SSLProtocolException:SSL握手中止:ssl = 0x9742f000:SSL库失败,通常是协议错误 错误:14077410:SSL例程:SSL23_GET_SERVER_HELLO:sslv3警报握手失败(外部/ openssl / ssl / s23_clnt.c:770 0xab9fcc4d:0x00000000)
答案 0 :(得分:4)
自OkHttp v2.3(release notes)以来,OkHttp不再支持其默认配置中的RC4。您可以使用ConnectionSpec(javadoc)启用它,ConnectionSpecTest.java(source code)会显示一些示例。